Abnormal Security Product Overview
Abnormal Security offers a cutting-edge, AI-native, and API-based email security platform designed to protect organizations from sophisticated cyber threats, particularly those targeting human behavior.
Core Functionality
Abnormal Security’s platform is built to detect and prevent a wide range of email-based attacks, including phishing, social engineering, and business email compromise (BEC) attacks. It achieves this by deeply understanding human behavior and identifying anomalies that indicate potential threats. Here are the key aspects of its functionality:
Key Features
Inbound Email Security
- Provides unmatched protection against the entire spectrum of email attacks, from phishing to complex social engineering tactics.
- Utilizes human behavior AI to uncover targeted attacks with high accuracy, saving security teams an average of 5,000 hours per year by streamlining workflows.
Core Account Takeover Protection
- Detects and prevents account takeovers in real time by logging out users, resetting passwords, and blocking access to prevent further damage.
- Builds a contextual behavioral timeline to aid in investigations.
AI Security Mailbox
- Automates the user-reported email workflow using AI, analyzing, classifying, and remediating malicious phishing emails.
- Engages employees with in-the-moment security training through conversational AI responses.
Security Posture Management
- Identifies and mitigates email platform posture gaps that could lead to breaches.
- Monitors user activity, tenants, app integrations, and elevated app permissions to uncover potential risks, including shadow IT.
Email Productivity
- Personalizes graymail control based on user preferences and uses natural language processing to detect promotional emails, enhancing email productivity.
Complete Account Takeover Protection
- Expands protection to include 15 additional cloud and SaaS applications, providing uniform visibility and detection across cloud environments.
Messaging Security
- Inspects messages on platforms like Slack, Teams, and Zoom to identify suspicious activity and compromised accounts, protecting against third-party risks.
Platform Features
API Integration
- Integrates directly with Microsoft 365 and Google Workspace via API, ingesting thousands of human behavior signals to baseline known behavior.
Knowledge Bases
- Includes PeopleBase, ThreatIntelBase, VendorBase, and AppBase, which provide visibility into cross-application privileges, IP-based intelligence, vendor communication patterns, and third-party app integrations to support threat hunting and incident response.
Tenant Management
- Highlights changes to mail and cloud application tenant configurations, surfacing changes to conditional access policies, permissions, and admin roles that could introduce risk.
Role-Based Access Control and Notification
- Offers granular control over access levels for Portal users and automated notifications for various email categories, including threat and graymail updates, and alerts on user-reported phishing attempts.
Audit Log and Reporting
- Provides a granular log of Portal activities to meet audit requests and visual reports of historical attack metrics for deeper insights into the threat landscape.
Integration and Architecture
- The Abnormal platform integrates seamlessly with various cloud applications, cloud infrastructure (AWS, Azure, Google Cloud Platform), identity providers (Okta, Ping), and security tools (CrowdStrike, Splunk) via API.
- It also integrates with security operations solutions such as SIEM, SOAR, and EDR/XDR platforms, allowing security teams to leverage Abnormal’s threat detection within existing response workflows.
AI and Machine Learning
- Abnormal uses focused artificial intelligence and machine learning to analyze vast amounts of data, identify patterns, and make quick, accurate decisions about human behavior and attack patterns. It combines predictive AI with generative AI agents to refine and augment its detection and remediation capabilities.
In summary, Abnormal Security’s platform is a comprehensive solution that leverages AI and machine learning to protect organizations from advanced email threats by understanding and analyzing human behavior, integrating seamlessly with existing security ecosystems, and providing robust features for threat detection, incident response, and security posture management.